<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
    <title>ShellCheck: SC2059 – Don't use variables in the `printf` format string. Use `printf "..%s.." "$foo"`.</title>
    <link rel="stylesheet" href="css/bootstrap.min.css" />
  </head>
  <body style="margin-left: auto; margin-right: auto; max-width: 800px">
    <h1>SC2059 – ShellCheck Wiki</h1>
    <a href="https://github.com/koalaman/shellcheck/wiki/SC2059">See this page on GitHub</a>
    <p style="display: none"><a href="index.html">Sitemap</a></p>
    <hr />
    <h1
id="dont-use-variables-in-the-printf-format-string-use-printf-s-foo">Don't
use variables in the <code>printf</code> format string. Use
<code>printf "..%s.." "$foo"</code>.</h1>
<h3 id="problematic-code">Problematic code:</h3>
<div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="SC2059.html#cb1-1" aria-hidden="true" tabindex="-1"></a><span class="bu">printf</span> <span class="st">&quot;Hello, </span><span class="va">$NAME</span><span class="st">\n&quot;</span></span></code></pre></div>
<h3 id="correct-code">Correct code:</h3>
<div class="sourceCode" id="cb2"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb2-1"><a href="SC2059.html#cb2-1" aria-hidden="true" tabindex="-1"></a><span class="bu">printf</span> <span class="st">&quot;Hello, %s\n&quot;</span> <span class="st">&quot;</span><span class="va">$NAME</span><span class="st">&quot;</span></span></code></pre></div>
<h3 id="rationale">Rationale:</h3>
<p><code>printf</code> interprets escape sequences and format specifiers
in the format string. If variables are included, any escape sequences or
format specifiers in the data will be interpreted too, when you most
likely wanted to treat it as data. Example:</p>
<div class="sourceCode" id="cb3"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb3-1"><a href="SC2059.html#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="va">coverage</span><span class="op">=</span><span class="st">&#39;96%&#39;</span></span>
<span id="cb3-2"><a href="SC2059.html#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="bu">printf</span> <span class="st">&quot;Unit test coverage: %s\n&quot;</span> <span class="st">&quot;</span><span class="va">$coverage</span><span class="st">&quot;</span></span>
<span id="cb3-3"><a href="SC2059.html#cb3-3" aria-hidden="true" tabindex="-1"></a><span class="bu">printf</span> <span class="st">&quot;Unit test coverage: </span><span class="va">$coverage</span><span class="st">\n&quot;</span></span></code></pre></div>
<p>The first printf writes <code>Unit test coverage: 96%</code>.</p>
<p>The second writes
<code>bash: printf: `\': invalid format character</code></p>
<p>Sometimes you may actually want to interpret data as a format string,
like in:</p>
<div class="sourceCode" id="cb4"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb4-1"><a href="SC2059.html#cb4-1" aria-hidden="true" tabindex="-1"></a><span class="fu">octToAscii()</span> <span class="kw">{</span> <span class="bu">printf</span> <span class="st">&quot;</span><span class="dt">\\</span><span class="va">$1</span><span class="st">&quot;</span><span class="kw">;</span> <span class="kw">}</span></span>
<span id="cb4-2"><a href="SC2059.html#cb4-2" aria-hidden="true" tabindex="-1"></a><span class="ex">octToAscii</span> 130</span></code></pre></div>
<p>In this case, use the <code>%b</code> format specifier that expands
escape sequences without interpreting other format specifiers:</p>
<div class="sourceCode" id="cb5"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb5-1"><a href="SC2059.html#cb5-1" aria-hidden="true" tabindex="-1"></a><span class="fu">octToAscii()</span> <span class="kw">{</span> <span class="bu">printf</span> <span class="st">&#39;%b&#39;</span> <span class="st">&quot;\0</span><span class="va">$1</span><span class="st">&quot;</span><span class="kw">;</span> <span class="kw">}</span></span>
<span id="cb5-2"><a href="SC2059.html#cb5-2" aria-hidden="true" tabindex="-1"></a><span class="ex">octToAscii</span> 130</span></code></pre></div>
<h3 id="exceptions">Exceptions:</h3>
<p>Sometimes you might have a pattern in a variable:</p>
<div class="sourceCode" id="cb6"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb6-1"><a href="SC2059.html#cb6-1" aria-hidden="true" tabindex="-1"></a><span class="va">filepattern</span><span class="op">=</span><span class="st">&quot;file-%d.jpg&quot;</span></span>
<span id="cb6-2"><a href="SC2059.html#cb6-2" aria-hidden="true" tabindex="-1"></a><span class="bu">printf</span> <span class="at">-v</span> filename <span class="st">&quot;</span><span class="va">$filepattern</span><span class="st">&quot;</span> <span class="st">&quot;</span><span class="va">$number</span><span class="st">&quot;</span></span></code></pre></div>
<p>This has no good rewrite. Please <a href="ignore.html">ignore</a> the
warning with a <a href="directive.html">directive</a>.</p>
<h3 id="related-resources">Related resources:</h3>
<ul>
<li><a
href="https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/printf.html"
class="uri">https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/printf.html</a></li>
</ul>
    <hr />
    <p style='font-size: 80%'><a href="../index.html">ShellCheck</a> is a static analysis tool for shell scripts. This page is part of its documentation.</p>
  </body>
</html>


